[openssl-users] Getting General SSL Help

Michael Wojcik Michael.Wojcik at microfocus.com
Fri Feb 27 19:55:32 UTC 2015

Eric Rescorla's book SSL and TLS is a good start. There are many online references and tutorials, but I can't say I've found any I'm especially fond of. SSL and TLS is now quite old (unless he's written a new edition; the one I have is from 2001), but TLS 1.2 is not so terribly different from 1.0 as to make the book misleading. Basically the past fourteen years have seen some protocol tweaks and suites with new cryptographic primitives (ciphers, digests, combining modes, etc). These have important security ramifications but don't introduce major new conceptual matters.

To answer your specific question below: certificates are not called certificate requests. Those are two different things. A certificate request is a message sent to a CA asking it to generate a signed certificate.

From: openssl-users [openssl-users-bounces at openssl.org] on behalf of Lion Kimbro [lionkimbro at gmail.com]
Sent: Friday, February 27, 2015 1:23 PM
To: openssl-users at openssl.org
Subject: [openssl-users] Getting General SSL Help

Hello, thank you.

I'm wondering:  Where can I go to get answers to basic questions about SSL?  I've been learning about SSL while using OpenSSL to make SSL certificates for work, and I have a lot of questions.

For example, one of my questions is:
"Why are certificates called certificate requests?"  I would think that a request for a certificate would be a message on the order of [a machine encoded:] "Hello would you please send me your certificate?", or "Hello, would you please send me your certificate for example.net<http://example.net>?"

Instead, I find that a certificate request (crt) is an actual certificate file?

I'm having difficulty finding in my research, answers to basic questions like this.  What's a good forum on the Internet for finding answers to more fundamental SSL questions like this?

Thank you,
  Lion Kimbro

Click here<https://www.mailcontrol.com/sr/MZbqvYs5QwJvpeaetUwhCQ==> to report this email as spam.

This message has been scanned for malware by Websense. www.websense.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150227/d06dd2e9/attachment.html>

More information about the openssl-users mailing list